'Think before you click': Officials talk cybersecurity in wake of Mecklenburg County hack

FILE -- An Asheville city official offered cyber security tips days after Mecklenburg County had its servers hacked and held for ransom. (Photo credit: Pixabay)

An Asheville official offered cybersecurity tips days after a North Carolina county had its servers hacked and held for ransom.

"Much sympathy to Mecklenburg County's ransomware situation," Asheville's chief information officer Jonathan Feldman said in a tweet Thursday.

On Tuesday, Mecklenburg County officials told local media outlets that someone opened an email attachment they shouldn't have, helping a hacker gain entry to the county's system.

Officials said the hacker demanded $23,000 to unlock the data, but the county said Wednesday it wouldn't pay the ransom. County manager Dena Diorio said the county has backup data and other resources to restore its computer system.

Feldman said the most important thing anyone can do for cyber security is having good backups of their data.

"This could happen anywhere at anytime to anybody," Feldman tweeted. "Because your security posture will only MINIMIZE, never ELIMINATE risk."

Here are some other security tips Feldman shared:

  • Use strong passwords and never share them. Also use two factor authentication where available.
  • Keep your device operating system and software up to date to get rid of known security flaws.
  • Use virus protection software.
  • Slow down when you get an email that promises "catastrophe or heaven" if you don't do XYZ. Ask someone if you're unsure if an email is legitimate.

"Above all, consider unfortunate situations like Mecklenburg County's as an opportunity to remind yourself to THINK BEFORE YOU CLICK," he concluded.

Buncombe County's public information coordinator also released the following statement about the county's cybersecurity:

Buncombe County recognizes that the threat of a cybersecurity attack is a critical risk for which we must be prepared. We have a dedicated division within the Information Technology department to ensure that we proactively focus on all aspects of information security rather than being solely reactive. Buncombe County employs a multi-tiered approach to data protection based primarily around threat prevention and disaster recovery. The County has multiple levels of threat prevention including perimeter protection, as well as anti-virus and endpoint protection. We have periodic security audits of infrastructure and applications performed by third party security consulting firms in order to validate procedures in place and point out areas for continual improvement. The County is actively working on providing security focused training for all employees related to email, device, and data protection. Wherever possible, we strive to employ the latest industry technologies to protect the services and the data of the County.

The assistant city manager for Hendersonville says the city uses a third party contractor to manage IT services which Brian Pahle says provides some relief.

“That builds some confidence in us because they are a professional firm," Pahle said. "Yet at the same time, we know that we have to be very careful with what we’re doing because every day technology is evolving, and the hackers are getting better and better at what they do."

That’s why the technology committee meets regularly, discussing any potential problems that may arise.

But Pahle says it doesn’t stop there.

“About every couple of years, we go out and talk with other contractors. Come in, look how they’re doing, look how we’re managing our IT services and see how we can improve because it’s all about continuous improvement,” he said.

close video ad
Unmutetoggle ad audio on off